TY - GEN
T1 - A high-performance, low-overhead microarchitecture for secure program execution
AU - Kanuparthi, Arun K.
AU - Karri, Ramesh
AU - Ormazabal, Gaston
AU - Addepalli, Sateesh K.
PY - 2012
Y1 - 2012
N2 - High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66%, area overhead of 4.25%, and a power overhead of 2.45% over a baseline processor.
UR - http://www.scopus.com/inward/record.url?scp=84872080751&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84872080751&partnerID=8YFLogxK
U2 - 10.1109/ICCD.2012.6378624
DO - 10.1109/ICCD.2012.6378624
M3 - Conference contribution
AN - SCOPUS:84872080751
SN - 9781467330503
T3 - Proceedings - IEEE International Conference on Computer Design: VLSI in Computers and Processors
SP - 102
EP - 107
BT - 2012 IEEE 30th International Conference on Computer Design, ICCD 2012
T2 - 2012 IEEE 30th International Conference on Computer Design, ICCD 2012
Y2 - 30 September 2012 through 3 October 2012
ER -